Time for action – session hijacking over wireless
Set up the test exactly as in the Man-in-the-Middle attack lab. On the victim, let's fire up the browser and type in "google.com". Let us use Wireshark to monitor this traffic. Your screen should resemble the following:
Apply a Wireshark filter for DNS and, as we can see, the victim is making DNS requests for "google.com":
In order to hijack the browser session we will need to send fake DNS responses which will resolve the IP address of "google.com" to the hacker machine's IP address 192.168.0.199. The tool we will use for this is called Dnsspoof and the syntax is:
dnsspoof -i mitm-bridge
Refresh the browser window and now, as we can see through Wireshark, as soon as the victim makes a DNS request for any host (including google.com), Dnsspoof replies back:
On the victim machine, we see an error which says "Connection Refused". This is because we have made google.com resolve to 192.168.0.199, which is the hacker machine's IP, but there...
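From the monitoring side, the behaviour shown in Wireshark above leaves two recognizable traces, which the following added example (not part of the original text) checks for in decoded DNS responses: conflicting answers for the same transaction, and many unrelated public names resolving to one private address. The record layout, the sample values, the internal-suffix list and the assumption that the genuine reply still reaches the victim after the forged one are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: tab-separated DNS responses as
# (transaction id, query name, A-record answer). Values are made up.
SAMPLE = """\
0x1a2b\tgoogle.com\t192.168.0.199
0x1a2b\tgoogle.com\t142.250.72.14
0x3c4d\texample.org\t192.168.0.199
0x5e6f\twww.wikipedia.org\t192.168.0.199
0x7a8b\tprinter.lan\t192.168.0.50
"""

# Assumption: names under these suffixes legitimately map to private addresses.
INTERNAL_SUFFIXES = (".lan", ".local", ".home.arpa")


def parse(text):
    """Yield (txid, name, address) tuples from tab-separated response lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        txid, name, addr = line.split("\t")
        yield int(txid, 16), name.lower().rstrip("."), ipaddress.ip_address(addr)


def find_spoofing(text, min_names=3):
    """Return (conflicting_names, private_sinks) observed in the responses."""
    by_query = defaultdict(set)  # (txid, name) -> distinct answers seen
    by_addr = defaultdict(set)   # private address -> public names mapped to it
    for txid, name, addr in parse(text):
        by_query[(txid, name)].add(addr)
        if addr.is_private and not name.endswith(INTERNAL_SUFFIXES):
            by_addr[addr].add(name)
    # Trace 1: one query answered twice with different addresses.
    conflicts = sorted(n for (_, n), answers in by_query.items() if len(answers) > 1)
    # Trace 2: several unrelated public names all point at one private host.
    sinks = {str(a): sorted(n) for a, n in by_addr.items() if len(n) >= min_names}
    return conflicts, sinks


if __name__ == "__main__":
    conflicts, sinks = find_spoofing(SAMPLE)
    print("conflicting answers:", conflicts)
    print("private sinks:", sinks)
```
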